Two recent developments highlight the challenges companies may face as they explore ways to incorporate AI-based chatbots into their customer service offerings:
- A putative class action filed in California federal...more
2/27/2024
/ Artificial Intelligence ,
Bots ,
CIPA ,
Corporate Counsel ,
Customer Service Calls ,
Customers ,
Cybersecurity ,
Data Collection ,
False Statements ,
Information Sharing ,
Mass Tort Litigation ,
Policy Violations ,
Prior Express Consent ,
Privacy Laws ,
Putative Class Actions ,
Technology
A recent decision by a California district court in J. Doe 1 v. GitHub, Inc., a case brought by computer programmers alleging that their works had been used to train AI models that generate computer code in violation of their...more
In our June Privacy & Cybersecurity Update, we review new data privacy laws in Colorado, Connecticut, Florida and Montana; Verizon’s annual Data Breach Investigations Report; AM Best’s report on cyber insurance trends; and...more
7/6/2023
/ Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
Employer Liability Issues ,
Employment Litigation ,
Enforcement ,
Investigations ,
Liability ,
Negligence ,
New Amendments ,
New Legislation ,
New Regulations ,
Opt-Outs ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws ,
Technology Sector ,
Verizon
In this month’s Privacy & Cybersecurity Update, we review California’s settlement of the first-ever enforcement action under the California Consumer Privacy Act, as well as the state’s new child-focused privacy law and...more
In this month’s Privacy & Cybersecurity Update, we examine the FTC’s blog post suggesting an increased focus on protecting consumers’ sensitive data and Plaid’s settlement to resolve a class action arising from its data...more
In this month’s Privacy & Cybersecurity Update, we examine the FTC chair’s comments suggesting a potential shift in its approach to data privacy regulation, the European Data Protection Board’s request for comment on its...more
5/4/2022
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Medical Devices ,
Personal Data ,
Personally Identifiable Information ,
Popular
In this month’s Privacy & Cybersecurity Update, we examine the Illinois Supreme Court’s decision in a case involving workers compensation and the state’s Biometric Information Privacy Act, U.K. data transfer regimes before...more
3/2/2022
/ Biometric Information ,
Biometric Information Privacy Act ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection Authority ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
IL Supreme Court ,
International Data Transfers ,
Internet of Things ,
NIST ,
Personal Data ,
Popular ,
Standard Contractual Clauses
In this month’s Privacy & Cybersecurity Update, we examine the U.S. Chamber of Commerce’s letter to Congress calling for federal cybersecurity legislation, the New York attorney general’s report on “credential stuffing”...more
2/3/2022
/ Biometric Information Privacy Act ,
Commercial General Liability Policies ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Medical Devices ,
Personal Information
In this month’s edition of our Privacy & Cybersecurity Update, we examine the California Privacy Protection Agency's public comment period for the California Privacy Rights Act, the U.K. government's public consultation...more
10/4/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Fourth Amendment ,
General Data Protection Regulation (GDPR) ,
Office of Foreign Assets Control (OFAC) ,
Personal Information ,
Public Comment ,
Surveillance
On March 2, 2021, Virginia Gov. Ralph Northam signed into law the Virginia Consumer Data Protection Act (CDPA), making Virginia the second state after California to enact comprehensive privacy legislation. The CDPA will...more
In this month’s edition of our Privacy & Cybersecurity Update, we examine the passage of the ballot initiative that enacts the California Privacy Rights Act, the U.K. Information Commissioner’s Office’s final guidance on data...more
12/2/2020
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
In this month's edition, we examine the Swiss data protection authority's comments on the validity of its data-sharing framework with the U.S., as well as the European Data Protection Board's guidance on joint controllers and...more
10/10/2020
/ Biometric Information Privacy Act ,
Class Action ,
Constitutional Challenges ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Protection Authority ,
European Data Protection Board (EDPB) ,
International Data Transfers ,
Joint Control ,
Metadata ,
National Security Agency (NSA) ,
New Guidance ,
Outer Space ,
Personally Identifiable Information ,
Popular ,
Presidential Memorandum ,
Privacy Laws ,
Social Media ,
Swiss Privacy Shield ,
Trump Administration
In this month's edition of our Privacy & Cybersecurity Update, we examine the EU advocate general's decision in Schrems II, a federal court's ruling that an insurer owed coverage for a social engineering loss, the Chinese...more
2/6/2020
/ Advocate General ,
China ,
Cybersecurity ,
Cybersecurity Framework ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
GA Supreme Court ,
Hackers ,
Mobile Apps ,
Negligence ,
NIST ,
Personal Data ,
Popular ,
Ransomware ,
Schrems I & Schrems II
In this month's edition of our Privacy & Cybersecurity Update, we examine New York's new laws expanding consumer protection for data breaches, the D.C. Circuit's two rulings deepening the split regarding standing in data...more
8/2/2019
/ Article III ,
Biometric Information ,
Consumer Protection Laws ,
Cookies ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Debit and Credit Card Transactions ,
Equifax ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Malware ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Search Results ,
Settlement ,
Spokeo v Robins ,
Standing ,
State and Local Government ,
State Data Breach Notification Statutes ,
UK
California recently enacted the Consumer Privacy Act, the most stringent privacy law in the United States. Although it does not go into effect until January 1, 2020, most companies will need a number of months to prepare. The...more
3/22/2019
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Exceptions ,
Exemptions ,
Legitimate Business Purpose ,
Non-Discrimination Rules ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Research and Development ,
Resident's Rights ,
Right to Delete ,
Right-To-Access ,
Sales Restrictions ,
Training Requirements
The Illinois Supreme Court ruled that an Illinois biometric privacy law does not require individuals to show they suffered harm other than a violation of the law in order to bring suit. As a result, entities are at a greater...more
1/31/2019
/ Appeals ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
IL Supreme Court ,
Injury-in-Fact ,
Privacy Laws ,
Right to Privacy ,
Standing ,
Statutory Rights
While debates about the need for a federal data protection law continued to heat up in 2018, California enacted its own comprehensive privacy law, the California Consumer Privacy Act (CCPA), creating a de facto national...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
9/7/2018
/ Appeals ,
Brazil ,
Breach Notification Rule ,
CNIL ,
Computer Fraud Insurance ,
Consent ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection Acts ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Data Retention ,
Denial of Insurance Coverage ,
Department of Homeland Security (DHS) ,
Email ,
Enforcement Actions ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
France ,
Fraudulent Transfers ,
General Data Protection Regulation (GDPR) ,
Geological Data ,
International Data Transfers ,
Japan ,
Japan-EU Economic Partnership Agreement (EPA) ,
NCCIC ,
Personal Data ,
Policy Terms ,
Popular ,
Public Private Partnerships (P3s) ,
Reciprocity Rules ,
Reversal ,
Scams ,
Social Engineering ,
Spoofing ,
Standard Contractual Clauses ,
Warning Letters ,
Wire Fraud
On June 28, 2018, California Gov. Jerry Brown signed into law the California Consumer Privacy Act (CCPA or “the Act”), which is the broadest and most comprehensive privacy law enacted in the United States to date.1 The CCPA...more
7/12/2018
/ Anti-Discrimination Policies ,
Business Entities ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Covered Entities ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Collection ,
Data Storage ,
Disclosure Requirements ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Popular ,
Portability ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Right of Access ,
Right to Delete ,
State Attorneys General
In this month's edition of our Privacy & Cybersecurity Update, we examine new privacy laws in Germany, an FTC settlement with an alleged consumer loan company over unfair and deceptive practices, the dismissal of a data...more
8/2/2017
/ Children's Toys ,
Civil Monetary Penalty ,
Consumer Financial Products ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Dismissals ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Germany ,
Incident Response Plans ,
Lenders ,
Member State ,
Popular ,
Privacy Laws ,
Risk Mitigation ,
Settlement ,
Standing ,
Unfair or Deceptive Trade Practices
Third Circuit Affirms FTC’s Authority Over Cybersecurity:
In the Wyndham case, the Third Circuit affirmed that the FTC has the authority to regulate cybersecurity under Section 5 of the FTC Act, and that the language of...more
9/2/2015
/ Administrative Authority ,
Automobile Recall ,
Brokers ,
Compliance ,
Connected Cars ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Hackers ,
Metadata ,
National Security Agency (NSA) ,
Privacy Concerns ,
Safe Harbors ,
Section 5 ,
Settlement ,
Target ,
Technology ,
Unfair or Deceptive Trade Practices ,
Visa Inc ,
Wyndham
In This Issue:
- Second Circuit Rules Patriot Act Does Not Authorize Bulk Metadata Collection; Congress Reconsiders Certain Patriot Act Authorities
- SEC Issues Cybersecurity Guidance for Investment Companies...more
6/2/2015
/ Broadband ,
Commercial Bankruptcy ,
Customer Lists ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Enforcement ,
FBI ,
FCC ,
Federal Trade Commission (FTC) ,
Insurance Litigation ,
Internet of Things ,
Investment Adviser ,
Investment Funds ,
Jurisdiction ,
Online Privacy Protection Act ,
Patriot Act ,
Personally Identifiable Information ,
Privacy Laws ,
RadioShack ,
Securities and Exchange Commission (SEC)
In This Issue:
- Data-Breach Class Actions After the Supreme Court Decision in Clapper
- California Supreme Court Holds That Song-Beverly Credit Card Act Does Not Apply to Online Purchases
-...more
4/15/2013
/ Clapper v. Amnesty International ,
Class Action ,
Credit Cards ,
Cyber Threats ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Internet Retailers ,
Personally Identifiable Information ,
Privacy-By-Design ,
SCOTUS ,
Song-Beverly Credit Card Act ,
ZIP Codes
Overview -
On February 1, 2013, the Federal Trade Commission (FTC) issued a staff report providing guidance and promoting best practices to improve transparency throughout the mobile app ecosystem (the Report). The...more
2/14/2013
/ Advertising Networks ,
App Platform Providers ,
Consumer Privacy Bill of Rights ,
Dashboard ,
Data Collection ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Mobile Devices ,
Mobile Ecosystems ,
NTIA ,
Personally Identifiable Information ,
Privacy Policy